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REMARKS 

In an office action dated November 2004, the Examiner rejects claims 1-26. 
However, Applicants respectfully point out that claims 1-11, 13-17, 19-23, 25-26 (aU 
pending claims) are the only claims pending in this application. Claims 12,18, and 24 
were canceled in a response to an office action submitted on 24 February 2004. In 
response to the office, Applicants respectfully traverses the rejection. Claims 1-11, 13-17, 
19-23, and 25-26 remain in the Application. In light of the following arguments. 
Applicant respectfully requests that this Application be allowed. 

In the Office Action, the Examiner rejects claim 1 under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent Number 6,574,666 Bl issued to Dutta (Dutta) in 
view of U. S. Patent number 6,658,571 Bl issued to O'Brien et al (O'Brien). In order to 
maintain a rejection the Examiner has the burden of providing evidence of prima facie 
obviousness. See MPEP §2143. See also In Re Vaeck. 947 F.2d 488, 20 USPQ2d 1438 
(Fed. Cir. 1991). In order to prove prima facie obviousness, the Examiner must provide 
evidence in the prior art of a motivation to combine or modify a reference, a reasonable 
expectation of success, and a teaching of each and every claimed element. Id. 
Applicant asserts the examiner has failed to provide evidence of a teaching of each and 
every claimed element or evidence of a proper motivation to combine the references. 

Applicant maintains that Dutta does not teach the foewall system recited in claim 
1. Specifically, Dutta does not teach an inspection module that receives packets and 
provides protocol inspection of the packets. Furthermore, the inspection module may be 
added during operation of the firewall core. The Examiner has found that the arguments 
to this point to be persuasive. However, the Examiner has ignored this point in the new 
rejection as the same references to Dutta teaching this Umitation are again recited in the 
new rejection. Therefore, Applicant will again set forth the argument previously 
presented to show that Dutta does not teach this limitation. 

Applicant wants to point out that the gist of Applicant's argument is that Dutta 
does not teach that the firewall contains two different modules that perform different 
functions, namely, the firewall core and the at least one inspection module. The firewall 
core passes packets to at least one inspection module. The Dutta teaching does not 
teach this feature. Dutta teaches the firewall either applies a rule or retrieves a rule and 
applies the rule to a packet. There is no teaching whatsoever of transmitting the packet 
to an inspection module. Therefore, Dutta does not teach all of the claimed elements as 
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arranged in the claim. The following remarks highlight that aU of the limitations are not 
taught and therefore are asserted again for the Examiner's consideration. 

Claim 1 recites at least one inspection module coupled for communication to said 
firewall core, each said at least one inspection module configured to provide protocol 
inspection of data packets to said firewall core, said firewall core configured to -receive 
data packets from said plurality of communication interfaces and communicate said 
packets to said at least one inspection module for inspection, said at least one inspection 
module is further configured to be installed during the operation of the firewall system. 
Dutta does not teach this limitation. Instead, Dutta teaches a firewall system in which 
rules in a database may be retrieved by a firewall system to test the packets. In claim 1, 
the firewall core sends the packet to an inspection module that performs testing based 
upon rules stored in the module. Each module is software that is being executed to 
perform testing of a packet. Applicant cannot find any mention in Dutta of the use of 
different modules to test packets in a firewall system. 

The Examiner states .that an inspection module is taught by Col. 5, lines 1-12 
which states: 

... (the executing fetching instructions), which in 
one embodiment is also impleriiented in the kemel, and in 
another embodiment is implemented at the application 
layer. The fetching process retrieves a pertinent rule and 
sends it to the firewall process, which loads it at the firewall. 
This embodiment advantageously separates the functions 
of the traditional firewall from retrieving a rule by the 
firewall for a packet. This keeps the firewall instructions 
relatively simple, and a maintains a certain level of security 
by separating the firewall process from interactions with 
e.g. an external database from which rules are to be 
retrieved to be loaded at the firewall. 

Applicant does not see anything in this recited section that teaches an inspection 
module that provides inspection of packets for a firewall core. Instead, cited section 
teaches a firewall process for testing packets that has a separate fetching function that 
retrieves rules for tesfing to be used by a firewall process. There is no mention of 
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separate modules for providing different tests as recited in claim 1. Furthermore, there is 
no mention of new modules that may be loaded during execution of the firewall process. 
Thus, the at least one inspection module recited in claim 1 is not taught by Dutta. 

O'Brien also does not teach at least one inspection module coupled for 
communication to said firewall core, each said at least one inspection module configiired 
to provide protocol inspection of data packets to said firewall core, said firewall core 
configured to receive data packets from said plurality of communication interfaces and 
communicate said packets to said at least one inspection module for inspection, said at 
least one inspection module is further configured to be installed during the operation of 
the firewall system as recited in claim 1. Instead O'Brien teaches modules that grant or 
deny access of resources to software applications based upon the application requesting 
a resource or the resource being requested. See Col. 3, lines 41-43. The modules 
monitor system calls made by applications and permit access to resources based upon 
system calls. See Col. 5, line 45-Col. 6, line 17. There is no mention anywhere in the 
O'Brien document of modules that monitor packets being sent between systems. Thus, 
O'Brien does not teach the inspection module recited in amended claim. 

Since neither Dutta nor O'Brien teaches the inspection module recited in a claim 
1. Applicants request that this rejection be removed and claim 1 be allowed. 

Even if the combination of Dutta and O'Brien teaches the inspection module 
claimed in claim 1, the Examiner has not provided evidence of a motivation to combine 
the references. As stated in the MPEP and case law state that "The mere fact that 
reference can be combined or modified does not render the resulting combination 
obvious unless the prior art suggests desirability of the combination." See In re Mill, 
916 F2d 680 (Fed. Cir. 1990). See also MPEP §2143.01. In the office action, the 
Examiner merely asserts that one skilled in the art would use security modules to reduce 
damage caused by malicious software without additional software. First, there is no 
support for this statement in either reference. Second, O'Brien standing alone solves the 
problem stated. See Abstract. 

Furthermore, case law and the MPEP require the proposed modification cannot 
render the prior art unsatisfactory for its intended purpose. See MPEP §2143.01. See 
also In re Gordon . 733 F2d 900 (Fed. Cir 1984). If the purposed modification were made 
the firewall of Dutta would include security modules that monitor systems calls to restrict 
access to resource by software. This does not improve the unauthorized access to the 
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system prevented by the firewall in Dutta. Furthermore, there is no improvement of 
restricting access to resources by monitoring the packets received by the system. Dutta 
and O'Brien are providing two different forms of security. Both systems are adequate 
for their intended purpose and combining the two would add a second function to each 
system. Thus, the combination is not permitted. 

Furthermore, it appears the Examiner is using impermissible hindsight engineering 
to make the combination. The Examiner had previously found that Dutta taught some 
of the functions of claim 1. When Apphcant pointed out that the inspection modules of 
claim 1 inspected the packets and could be added at run time, the Examiner merely 
found a reference that taught modules that had nothing whatsoever to do with a firewall 
and added the reference merely for the teaching of the module regardless that the 
modules did not inspect packets and were used for an entirely different function. For 
the above reasons, the combination is not supported by evidence and Applicants 
respectfully request the rejection of claim 1 be removed. 

Claims 2-5 are dependent upon claim 1. Thus, claims 2-5 are allowable for at least 
the same reasons as claim 1. Therefore, Applicant respectfully requests that the 
rejections to claims 2-5 be removed and claims 2-5 be allowed. 

In the Office Action, the Examiner rejects claim 6 under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent Number 6,574,666 Bl issued to Dutta (Dutta) in 
view of U. S. Patent number 6,658,571 Bl issued to O'Brien et al (O'Brien). In order to 
maintain a rejection the Examiner has the burden of providing evidence of prima facie 
obviousness. See MPEP §2143. See also In Re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 
(Fed. Cir. 1991). In order to prove prima facie obviousness, the Examiner must provide 
evidence in the prior art of a motivation to combine or modify a reference, a reasonable 
expectation of success, and a teaching of each and every claimed element. Id. 
Applicant has asserts that the Examiner has failed to provide a teaching of each and 
every claimed element and a motivation to combine the references. 

Claim 6 recites a firewall core that monitors a memory for inspection modules that 
are loaded into a memory during operation of the firewall system. Dutta does not teach 
this limitation. Instead, Dutta teaches a system that receives a packet, determines if a rule 
for testing the packet is in the firewall, and retrieving the rule from a database if the rule 
is not in the firewall. This is different from a core system that reads a memory to 
determine when a new module for performing tests is added to the memory. Thus, Dutta 
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does not teach claim 6. Therefore, applicant requests that the rejection of claim 6 be 
removed and claim 6 be allowed. 

O'Brien also does not teach claim 6 instead O'Brien teaches a security master 
that provides an application programming interface for the security modules to used to 
register. In O'Brien the security modules must actively register with the master. While 
in claim 6, the call back functions are retrieved by the firewall core from a new module 
detected in active memory. Thus, O'Brien does not teach the call back function of claim 
6. Since neither Dutta nor O'Brien teach the callback functions recited in claim 6, the 
combination does not teach the call back functions. Thus, Applicants respectfully 
request that rejection of claim 6 be removed. 

Even if the combination of Dutta and O'Brien teaches the inspection module 
claimed in claim 6, the Examiner has not provided evidence of a motivation to combine 
the references. As stated in the MPEP and case law state that "The mere fact that 
reference can be combined or modified does not render the resulting combination 
obvious unless the prior art suggests desirability of the combination." See In re Mill, 
916 F2d 680 (Fed. Cir. 1990). See also MPEP §2143.01. In the office action, the 
Examiner merely asserts that one skilled in the art would use security modules to reduce 
damage caused by malicious software without additional software. First, there is no 
support for this statement in either reference. Second, O'Brien standing alone solves the 
problem stated. See Abstract. 

Furthermore, case law and the MPEP require the proposed modification cannot 
render the prior art unsatisfactory for it intended purpose. See MPEP §2143.01. See 
also In re Gordon . 733 F2d 900 (Fed. Cir 1984). If the purposed modification were made 
the firewall of Dutta would include security modules that monitor system calls to restrict 
access to resource by software. This does not improve the unauthorized access to the 
system prevented by the firewall in Dutta. Furthermore, there is no improvement of 
restricting access to resources by monitoring the packets received by the system. Dutta 
and O'Brien are providing to different forms of security. Both systems are adequate for 
their intended purpose and combining the two would add a second function to each 
system. Thus, the combination is not permitted. 

Furthermore, it appears the Examiner is using impermissible hindsight engineering 
to make the combination. The Examiner had previously found that Dutta taught some 
of the functions of claim 6. When Applicant pointed out that the inspection modules of 
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claim 1 inspected the packets and could be added at run time, the Examiner merely 
found a reference that taught modules that had nothing whatsoever to do with a firewall 
and added the reference merely for the teaching of the module regardless the modules 
did not inspect packets and were used for an entirely different function. For the above 
reasons, the combination is not supported by evidence and Applicants respectfully 
request the rejection of claim 6 be removed. 

Claims 7-9 are dependent upon claim 6. Thus claims 7-9 are allowable for at least 
the same reasons as claim 6. Therefore., Applicant respectfully requests that the 
rejections of claims 7-9 be removed and claims 7-9 be allowed. 

In the Office Action, the Examiner rejects claim 6 under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent Number 6,574,666 Bl issued to Dutta (Dutta) in 
view of U. S. Patent number 6,658,571 Bl issued to O'Brien et al (O'Brien). In order to 
maintain a rejection the Examiner has the burden of providing evidence of prima facie 
obviousness. See MPEP §2143. See also In Re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 
(Fed. Cir. 1991). In order to prove prima facie obviousness, the Examiner must provide 
evidence in the prior art of a motivation to combine or modify a reference, a reasonable 
expectation of success, and a teaching of each and every claimed element. Id. 
Applicant asserts that the Examiner has failed to provide a teaching of each and every 
claimed element and a motivation to combine the references. 

Claim 10 recites a function table of an inspection module that is loaded into a 
memory monitored by the firewall core during operation of the firewall system. This is 
not taught by Dutta. Instead, Dutta teaches a system that can retrieve a rule for testing a 
packet when the rule is not currently in the firewall system. There is no mention of the 
firewall system having a core that monitors a memory for function tables of new 
inspection modules that can test packets in new types of protocols where the function 
table gives call back function for providing packets to the inspection module for 
inspection. Thus, the function table recited in claim 10 is not taught by Dutta. 

O'Brien also does not teach the function table in claim 10 instead O'Brien 
teaches a security master that provides an application programming interface for the 
security modules used to register. In O'Brien the security modules must actively register 
with the master. While in claim 6, the call back functions are retrieved by the firewall 
core from a new module detected in active memory. Thus, O'Brien does not teach the 
function table recited by claim 10. Since neither Dutta nor O'Brien teach the callback 
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functions recited in claim 10, the combination does not teach the call back functions. 
Thus, Applicants respectfully request that rejection of claim 6 be removed. 

Even if the combination of Dutta and O'Brien teaches the function table claimed 
in claim 10, the Examiner has not provided evidence of a motivation to combine the 
references. As stated in the MPEP and case law state that "The mere fact that reference 
can be combined or modified does not render the resulting combination obvious unless 
the prior art suggests desirability of the combination." See In re Mill, 916 F2d 680 (Fed. 
Cir. 1990). See also MPEP §2143.01. In the office action, the Examiner merely asserts 
that one skilled in the art would use security modules to reduce damage caused by 
malicious software without additional software. First, there is no support for this 
statement in either reference. Second, O'Brien standing alone solves the problem stated. 
See Abstract. 

Furthermore, case law and the MPEP require the proposed modification cannot 
render the prior art unsatisfactory for its intended purpose. See MPEP §2143,01. See 
also In re Gordon . 733 F2d 900 (Fed. Cir 1984). If the purposed modification were made 
the firewall of Dutta would include security modules that monitor system calls to restrict 
access to resources by software. This does not improve the unauthorized access to the 
system prevented by the firewall in Dutta. Furthermore, there is no improvement of 
restricting access to resources by monitoring the packets received by the system. Dutta 
and O'Brien are providing two different forms of security. Both systems are adequate 
for their intended purpose and combining the two would add a second function to each 
system. Thus, the combination is not permitted. 

Furthermore, it appears the Examiner is using impermissible hindsight engineering 
to make the combination. The Examiner had previously found that Dutta taught some 
of the functions of claim 10. When Applicant pointed out that the inspection modules of 
claim 10 inspected the packets and could be added at run time, the Examiner merely 
found a reference that taught modules that had nothing whatsoever to do with a firewall 
and added the reference merely for the teaching of the module regardless the modules 
did not inspect packets and were used for an entirely different function. For the above 
reasons, the combination is not supported by evidence and Applicants respectfully 
request the rejection of claim 10 be removed. Therefore, Applicant requests that the 
rejection of claim 10 be removed and amended claim 10 be allowed. 
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Claims 11, 13 and 14 depend from claim 10. Thus, claims 11, 13, and 14 are 
allowable for at least the same reasons as claim 10. Therefore, Applicant requests that 
the rejections to claims 11, 13, and 14 be removed and claims 11, 13, and 14 be allowed. 

Claim 15 recites a method for loading an inspection module that is claimed in 
claim 10. Thus, claim 15 is allowable for at least the same reasons as claim 10. Thus, 
Applicant respectfully requests that the rejection of claim 15 be removed and amended 
claim 15 be allowed. 

Claims 16, 17, 19 and 20 depend from claim 15. Thus, claims 16, 17, 19 and 20 are 
allowable for at least the same reasons as claim 15. Therefore, AppHcant requests that 
the rejections to claims 16, 17, 19, and 20 be removed and claims 16, 17, 19, and 20 be 
allowed. 

Claim 21 claims a device that includes instructions for directing a computer to 
perform the method of claim 15. Thus claim 21 is allowable for at least the same reason 
as claim 15. Therefore, Applicant respectfully requests that rejection of claim 21 be 
allowed and amended claim 21 be allowed. 

Claims 22, 23, 25 and 26 depend from claim 21, Thus, claims 22, 23, 25 and 26 are 
allowable for at least the same reasons as claim 21. Therefore, Applicant requests that 
the rejections to claims 22, 23, 25, and 26 be removed and claims 22, 23, 25, and 26 be 
allowed. 

If the Examiner has any questions regarding this application or this response, the 
Examiner is invited to telephone the undersigned at the below number. 



Dated: February 7, 2005 



Sierra Patent Group, Ltd. 
P.O. Box 6149 
StateUne, NV 89449 
(775) 586-9500 
(775) 586-9550 Fax 



Respectfulh? submitted, 
SIERRA^TEI/r GROUP, LTD. 



lam P. Wilbar 
Reg. No.: 43,265 



15 



